2.2 - Information Classification
Exam Board:
OCR
Specification:
2016 - Unit 2
Information can be classified into different groups. Some data may fall into more than one classification.
Sensitive Information
Description:
Information that should be protected from being publicly released as it could harm the safety or privacy of an organisation or an individual.
​
Examples:
-
Medical data that could be embarrassing to an individual if released.
-
Financial data that will negatively impact the company if made public to competitors.
Non-Sensitive Information
Description:
Information that can be released publicly with no fear of negative consequence.
​
Examples:
-
Store information including shop addresses, opening hours and the names of senior managers.
-
Product information including prices, online reviews and general availability.
Private Information
Description:
Private information relates to an individual and it should not be shared with anyone else without the data subject's permission. Private information is protected by the Data Protection Act and would need to be stored securely so it cannot be accessed without authorisation.
​
Examples:
-
Home addresses, contact information, birth dates and banking details.
-
Employee data such as linked bank accounts and addresses.
Public Information
Description:
Released to the public and can therefore be seen by anyone. Public information is non-sensitive.
​
Examples:
-
Social media usernames, posts and shared images.
-
Public business information including addresses, promotional material and opening times.
-
A government report like the national census every ten years.
Personal Information
Description:
Identifiable data about a specific individual.
​
Examples:
-
Full name, date of birth, gender, marital status, medical history, sexual orientation and voting history.
Business Information
Description:
Any kind of data about a specific business. This information could be public or private.
​
Examples:
-
Address of its headquarters
-
Financial data or employee details.
-
Annual sales figures.
Confidential Information
Description:
Private data that is more restricted than sensitive information, with access limited to only those who need to know.
​
Examples:
-
Doctor / therapist notes
-
Business Profits and losses
-
Trade secrets
Classified Information
Description:
Highly sensitive information stored by a government institution, requiring the highest levels of restricted access. Access is usually restricted by law and only viewable by authorised individuals or groups. In the UK there are three levels of classified information: OFFICIAL, SECRET and TOP SECRET.
Examples: ​
-
Military data
-
Terrorism precautions
-
Crime scene reports
Anonymised Information
Description:
Anonymisation removes personally identifiable data from information so that an individual cannot be identified. This allows the information to be used in much wider context without running the risk of legal action.
​
Examples:
-
Partially anonymised information - where some of the personal information has been removed and replaced by a symbol.
-
Completely anonymised information - where all identifiable data has been removed.
​
Bank details are often partially or completely anonymised. A partially anonymised credit card number might be listed as:
​
**** - **** - **** - 7427
​
Problems with anonymising data include:
-
If sensitive data is not anonymised enough and the person can be identified.
-
Useful information could be lost if too much data is anonymised.
-
The public could lose trust in an organisation if data is insufficiently anonymised.
Questo's Questions
2.2 - Information Classification:
​
1. Describe each type of information classification and give at least two examples:
-
a. Sensitive information [3]
-
b. Non-Sensitive information [3]
-
c. Private information [3]
-
d. Public information [3]
-
e. Business information [3]
-
f. Confidential information [3]
-
g. Classified information [3]
-
h. Anonymised information (partial and complete) [6]
​
2. State which classification(s) the following pieces of information would be categorised as. It might fit into more than one category.
-
a. Shop opening times [1]
-
b. Medical history [1]
-
c. Twitter username [1]
-
d. Crime scene report [1]
​
3. Describe three problems that organisations should consider when anonymising data. [6]